wfx logo.png
DE Article Risk of DIY Security Jan 2019


The Risky Business of DIY Church Security:

There is a Better Way


Despite limited training or experience, well-intentioned DIYers entrusted with complex projects can leave congregations open to far-reaching ramifications.

Essentials of a Comprehensive Security Program Implementation Process:

1. Name an internal Security Team com­posed of main stakeholders and a certified security consultant as  facilitator.

2. Commission a Comprehensive Security Risk Assessment (CSRA) throughout the fa­cility/campus.

3. Obtain a record set of facility’s archi­tectural drawings and conduct a Compre­hensive Preliminary Architectural Security Study (ComPASS) of the site and plans for use by the Security Team in cooperation with the Assessment.

4. Identify priorities and estimated cost ranges associated with each project.

5. Develop and institute operational, or­ganizational, policy and procedure recom­mendations.

  • Establish emergency operations plans.

  • Provide staff and occupant training.

  • Develop prevention programs and staffing.

  • Create and coordinate recovery plans and processes.

  • Ensure coordination and communica­tion with all levels of law enforcement and other first responders including fire depart­ment and EMS, as well as regional medical services, prevention coordinators, recovery team, and others as appropriate.

6. Achieve required governmental and district compliance.

7. Develop long range masterplan of proj­ect implementations.

8. Begin the first project design of the masterplan using a professional security de­sign team consisting of the district adminis­trator and security director, project architect/ security designer, board-certified security consultant, and other key personnel.

9. Competitively bid and execute the first prioritized project.

10. Repeat the process, project by project, year by year as annual budgets permit.


Board-certified Physical Security Professionals (PSP) are generally individuals involved in the security industry, in design, installation, train­ing, assessment, architecture, etc. Licensed ar­chitects with PSP certification are in a unique position to consider the physical infrastruc­ture’s security concerns. With expertise in Life Safety and Fire Safety code compliance and implementation, a licensed architect routine­ly deals with aspects that are closely related to security concerns in the planning, design and construction of buildings.

A licensed architect who is also board certified as a security professional brings a unique and valuable combination of essen­tial skills and experience to the tasks of com­prehensively assessing facility security risks, developing successful solutions to address and mitigate those identified, and prevent­ing those and others in the future.

The outcome is two-fold: preventing loss of valuable assets, and more impor­tantly, protecting from harm and saving human lives.

Dennis Elledge, RA, PSP, AIA | Mar 12, 2019


The current rise and popu­larity of DIY (Do-It-Yourself) is phenomenal; it’s more than a movement about crafting and cooking. Americans are willing to take on virtually anything to save time or money, to meet a legitimate need, or simply for the thrill of a challenge. A serious pitfall is the temptation to tackle a project that should be entrusted to professionals. Legal contracts, medical consulting, construction management, etc., are complex endeavors with big risk factors and far-reaching ramifications.

Without regard for potential harm and li­ability, and despite limited training or expe­rience, highly motivated and well-intended DIYers do take on these and other tradition­ally professional or technical activities.

There are exceptional DIYers who have had applicable training or experience and produce impressive, functional results. How­ever, if their perspective is skewed or their skills fall short, the welfare of their families, businesses, and communities are at risk. Such is the case of self-directed and some­times self-performed––DIY––security pro­grams in schools, businesses and houses of worship across America.

As the home chef does, corporate and ad­ministrative executives and their teams find information-rich programming on televi­sion and the internet. They are inundated by education and parent associations, boards, trade magazines, and government studies and publications from FEMA, the Depart­ment of Justice, Department of Homeland Security, and the FBI.

They receive articles, checklists, suggested products and procedures, and quasi-standards for institutional and personal security. Part of this information overload and reaction is the reality of America’s increasingly violent soci­ety. Local, national, and international news broadcasts make it very clear that the need for effective prevention, appropriate security and reliable protection is greater than ever. Virtual­ly every week there is a report of a mass shoot­ing, detailing random or targeted violence at a school, church or public venue.


The typical approach to security concerns in the past was to be aware of possible threats, pro­vide a safe environment as best they could, and rely heavily on a little help from their friends in law enforcement. Despite widely publicized intense security issues in targeted violence sce­narios, little has changed in the approach at the local level. Staff training is provided, and incremental physical improvements are made with the hope that they will be effective.

Unfortunately, this well-meaning, hands-on approach is inadequate for such critical needs, but it is still the norm due to many factors.

The reality of both random and targeted violence in schools, businesses, entertain­ment venues, and houses of worship in the United States is undeniable. Sometimes de­nial gives way to a resolve to “do something about it.” Inadequate security budgets and in-house resources are stretched. Reaction­ary thinkers offer unproven tactics. Familiar vendors push trending safety products to facility managers. Law enforcement and vol­unteer groups are directed to “do their best” even though they are not properly trained, educated, or experienced.

The DIY security solution is launched on a wing and a prayer. At this point of awareness, it is imperative that those in positions of authori­ty and influence cease doing Business As Usual. They must take an honest look at their com­munity, facility, and personnel’s current and past approaches to the issues of security and safety. Consequently, their priorities are forced to shift from protection of property, to protect­ing human life. A comprehensive assessment of current conditions must be performed. Recom­mendations for a reasonable process and im­plementation schedule must be developed and approved. This daunting task cannot be taken on with the former Business As Usual outdated methods, or with a DIY mentality, but rather with a mindset of The New Business As Usual.


The New Business as Usual takes a mindful approach to security, safety, and protection of property and life. Rather than piecemeal solutions involving incremental purchas­es and physical improvements, it employs a comprehensive yet systematic approach. Project-based processes are inherently sys­tematic and begin by engaging professionals.

Project programming, design, and man­agement are best performed by certified professionals. Security-specific assessments, design, and project management are neces­sary to a successful outcome and should be performed by a board-certified security con­sultant. The project-based approach of The New Business as Usual can be highly cost ef­fective compared to incremental spending.

Without a complete campus and facili­ty-wide plan for guidance, low-priority, incre­mental improvements can be poor and risky investments. Involvement of staff at multi­ple executive and administrative levels can be time consuming, costly and cumbersome and may still yield ineffective solutions. A professional security design consultant will use results from a Comprehensive Security Risk Assessment (CSRA) to produce a spe­cific scope of work for competitive bidding.

This method will result in procuring the exact services and products needed, from qualified contractors, on a specified schedule, for the best price. Procedural changes, com­munication advancements, and capital im­provement projects can add significant long-term value to the facility. These successful projects produce tangible, potentially life-sav­ing results as well as evidence of the leader­ship team’s engagement and accountability.

The foundational CSRA prioritizes all needs. Once the Assessment is complete, a long-range masterplan of implementation can be established in conjunction with pro­jected funding of the recommendations. The Assessment and its action plan provide credi­bility of the findings, feasibility of implemen­tation, and evidence of committed leadership.

What does the Comprehensive Securi­ty Risk Assessment entail? Simply stated, a board-certified consultant experienced in se­curity risk assessments performs an in-depth site, campus, and facility survey of the client property––school, business, church, entertain­ment venue, etc.––conducts interviews, col­lects data and defines potential issues. The cli­ent or owners’ representative receives a report with prioritized recommendations to maintain and improve the security and safety policies in­cluding operational and best security practices, safety and security procedures, physical securi­ty measures, and site hardening projects.

This approach involves much more than the infrastructure alone. It includes Pre­vention, Policies, Procedures, Personnel, Compliance, Infrastructure, Technology, Re­sponse and Recovery preparations.

Much of what is needed is about com­munication and operations. For instance, there is much optimism regarding preven­tion options and technology from reporting and tracking software like Some initiatives will cost little or no extra money and can be enacted quickly. Part of this holistic approach requires coordina­tion of all aspects in a systematic, reason­able, and balanced way.